CVE-2012-2398
owncloud < 3.0.3 - Cross-Site Scripting via Files Parameter
Title source: llmDescription
Cross-site scripting (XSS) vulnerability in files/ajax/download.php in ownCloud before 3.0.3 allows remote attackers to inject arbitrary web script or HTML via the files parameter, a different vulnerability than CVE-2012-2269.4.
References (4)
Core 4
Core References
Mailing List mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2012/08/11/1
Mailing List mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2012/09/02/2
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/48850
Vendor Advisory x_refsource_confirm
http://owncloud.org/security/advisories/cve-2012-2398/
Scores
EPSS
0.0036
EPSS Percentile
58.2%
Details
CWE
CWE-79
Status
published
Products (3)
owncloud/owncloud
< 3.0.2
owncloud/owncloud_server
3.0.0
owncloud/owncloud_server
3.0.1
Published
Apr 20, 2012
Tracked Since
Feb 18, 2026